Bikeshed update for 'Add a Security and Privacy considerations section, as per TAG recommendation (#36)' [ci skip]

Generated from:

commit 7f6e1d1
Author: Stephen McGruer <stephen.mcgruer@gmail.com>
Date:   Wed Dec 5 11:33:41 2018 -0500

    Add a Security and Privacy considerations section, as per TAG recommendation (#36)

Author: stephenmcgruer

index.html

@@ -9,9 +9,9 @@
   <link href="../default.css" rel="stylesheet" type="text/css">
   <link href="../csslogo.ico" rel="shortcut icon" type="image/x-icon">
   <link href="https://www.w3.org/StyleSheets/TR/2016/W3C-UD" rel="stylesheet" type="text/css">
-  <meta content="Bikeshed version 0da7328bb90ef81993146377e4e0fed236969c4c" name="generator">
+  <meta content="Bikeshed version 670c46b501fc025ae87a3398a195af35379ab37d" name="generator">
   <link href="https://wicg.github.io/scroll-animations/" rel="canonical">
-  <meta content="bf1a16b89958085853294494524129eacf1a1cf0" name="document-revision">
+  <meta content="7f6e1d108bf573b77272c3382d3cb9a01076342a" name="document-revision">
   <link href="web-animations.css" rel="stylesheet" type="text/css">
 <style>/* style-md-lists */
 
@@ -259,7 +259,7 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
    <h1 class="p-name no-ref" id="title">Scroll-linked Animations</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Unofficial Proposal Draft, <time class="dt-updated" datetime="2018-11-26">26 November 2018</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Unofficial Proposal Draft, <time class="dt-updated" datetime="2018-12-05">5 December 2018</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -343,6 +343,7 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
      </ol>
     <li><a href="#avoiding-cycles"><span class="secno">4</span> <span class="content">Avoiding cycles with layout</span></a>
     <li><a href="#scroll-triggered-animations"><span class="secno">5</span> <span class="content">Scroll-triggered (but time-driven) animations</span></a>
+    <li><a href="#appendix-a-considerations-for-security-and-privacy"><span class="secno"></span> <span class="content">Appendix A. Considerations for Security and Privacy</span></a>
     <li>
      <a href="#conformance"><span class="secno"></span> <span class="content"> Conformance</span></a>
      <ol class="toc">
@@ -904,6 +905,65 @@ <h2 class="heading settled" data-level="5" id="scroll-triggered-animations"><spa
 it for transitions, so this feature was removed.</p>
    <p>The design space for triggering animations is still open. We welcome input
 on this subject.</p>
+   <h2 class="heading settled" id="appendix-a-considerations-for-security-and-privacy"><span class="content">Appendix A. Considerations for Security and Privacy</span><a class="self-link" href="#appendix-a-considerations-for-security-and-privacy"></a></h2>
+   <p>This appendix is <em>informative</em>.</p>
+   <p>There are no known security or privacy impacts of this feature.</p>
+   <p>The W3C TAG is developing a <a href="https://www.w3.org/TR/security-privacy-questionnaire/">Self-Review Questionnaire: Security and Privacy</a> for editors of specifications to informatively answer.</p>
+   <p>Per the <a href="https://www.w3.org/TR/security-privacy-questionnaire/#questions">Questions to Consider</a></p>
+   <ol>
+    <li>
+     Does this specification deal with personally-identifiable information? 
+     <p>No.</p>
+    <li>
+     Does this specification deal with high-value data? 
+     <p>No.</p>
+    <li>
+     Does this specification introduce new state for an origin that persists across browsing sessions? 
+     <p>No.</p>
+    <li>
+     Does this specification expose persistent, cross-origin state to the web? 
+     <p>No.</p>
+    <li>
+     Does this specification expose any other data to an origin that it doesn’t currently have access to? 
+     <p>No.</p>
+    <li>
+     Does this specification enable new script execution/loading mechanisms? 
+     <p>No.</p>
+    <li>
+     Does this specification allow an origin access to a user’s location? 
+     <p>No.</p>
+    <li>
+     Does this specification allow an origin access to sensors on a user’s device? 
+     <p>No.</p>
+    <li>
+     Does this specification allow an origin access to aspects of a user’s local computing environment? 
+     <p>No.</p>
+    <li>
+     Does this specification allow an origin access to other devices? 
+     <p>No.</p>
+    <li>
+     Does this specification allow an origin some measure of control over a user agent’s native UI? 
+     <p>No.</p>
+    <li>
+     Does this specification expose temporary identifiers to the web? 
+     <p>No.</p>
+    <li>
+     Does this specification distinguish between behavior in first-party and third-party contexts? 
+     <p>No.</p>
+    <li>
+     How should this specification work in the context of a user agent’s "incognito" mode? 
+     <p>No differently. The website should not be able to determine that the user is
+in an "incognito" mode using scroll-linked animations.</p>
+    <li>
+     Does this specification persist data to a user’s local device? 
+     <p>No.</p>
+    <li>
+     Does this specification have a "Security Considerations" and "Privacy Considerations" section? 
+     <p>Yes.</p>
+    <li>
+     Does this specification allow downgrading default security characteristics? 
+     <p>No.</p>
+   </ol>
   </main>
   <h2 class="no-ref no-num heading settled" id="conformance"><span class="content"> Conformance</span><a class="self-link" href="#conformance"></a></h2>
   <h3 class="heading settled" id="document-conventions"><span class="content"> Document conventions</span><a class="self-link" href="#document-conventions"></a></h3>